QUESTION 61For what reason would you configure multiple security contexts on the ASA firewall?

A. To enable the use of VFRs on routers that are adjacently connectedB. To provide redundancy and high availability within the organizationC. To enable the use of multicast routing and QoS through the firewallD. To seperate different departments and business units

Answer: D

QUESTION 62What VPN feature allows Internet traffic and local LAN/WAN traffic to use the same network connection.

A. split tunnelingB. hairpinningC. tunnel modeD. transparent mode

Answer: A

QUESTION 63When is the best time to perform an anti-virus signature update?

A. When the local scanner has detected a new virusB. When a new virus is discovered in the wildC. Every time a new update is availableD. When the system detects a browser hook

Answer: C

QUESTION 64What is the effect of the send-lifetime local 23:59:00 31 December 31 2013 infinite command?

A. It configures the device to begin transmitting the authentication key to other devices at 00:00:00 local time on January 1, 2014 and continue using the key indefinitely.B. It configures the device to begin transmitting the authentication key to other devices at 23:59:00 local time on December 31, 2013 and continue using the key indefinitely.C. It configures the device to begin accepting the authentication key from other devices immediately and stop accepting the key at 23:59:00 local time on December 31, 2013.D. It configures the device to generate a new authentication key and transmit it to other devices at 23:59 00 local time on December 31, 2013.E. It configures the device to begin accepting the authentication key from other devices at 23:59:00 local time on December 31, 2013 and continue accepting the key indefinitely.F. It configures the device to begin accepting the authentication key from other devices at 00:00:00 local time on January 1, 2014 and continue accepting the key indefinitely.

Answer: B

QUESTION 65Which Statement about personal firewalls is true?

A. They are resilient against kernal attacksB. They can protect email messages and private documents in a similar way to a VPNC. They can protect the network against attacksD. They can protect a system by denying probing requests

Answer: D

QUESTION 66Refer to the exhibit. While troubleshooting site-to-site VPN, you issued the show crypto ipsec sa command. What does the given output show?

A. ISAKMP security associations are established between 10.1.1.5 and 10.1.1.1B. IPSec Phase 2 is established between 10.1.1.1 and 10.1.1.5C. IKE version 2 security associations are established between 10.1.1.1 and 10.1.1.5D. IPSec Phase 2 is down due to a mismatch between encrypted and decrypted packets

Answer: B

QUESTION 67Which statement about a PVLAN isolated port configured on a switch is true?

A. The isolated port can communicate only with the promiscous portB. The isolated port can communicate with other isolated ports and the promiscuous portC. The isolated port can communicate only with community portsD. The isolated port can communicate only with other isolated ports

A. It can view encrypted filesB. It can be deployed at the perimeterC. It uses signature-based policiesD. It can have more restrictive policies than network-based IPSE. It works with deployed firewallsF. It can generate alerts based on behavior at the desktop level.

Answer: ADFExplanation:The key word here is ‘Cisco’, and Cisco’s host-based IPS, CSA, is NOT signature-based and CAN view encrypted files.

QUESTION 69What type of security support is provided by the Open Web Application Security Project?

A. Education about common Web site vulnerabilitiesB. A wb site security frameworkC. A security discussion forum for Web site developersD. Scoring of common vulnerabilities and exposures

Answer: A

QUESTION 70Refer to the exhibit. Which statement about the device time is true?

A. The time is authoritative because the clock is in syncB. The time is authoritative, but the NTP process has lost contact with its serversC. The clock is out of syncD. NTP is configured incorrectlyE. The time is not authoritative